package login;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * A Servlet that handles logins for the SeedSwap system
 * @author The Freds
 */
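public class LoginServlet extends HttpServlet {

    /**
     * Creates the servlet; nothing is initialised beyond what {@link HttpServlet} sets up.
     */
    public LoginServlet() {
        super();
    }

    /**
     * Handles GET requests. The body is empty, so no login processing happens on GET;
     * credentials are only read in {@link #doPost}.
     *
     * @param request  the incoming request (unused)
     * @param response the response (left untouched)
     * @throws ServletException declared by the servlet contract; not thrown here
     * @throws IOException      declared by the servlet contract; not thrown here
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // No-op: the login form on index.jsp submits via POST.
    }

    /**
     * Handles the POST from the login form on index.jsp.
     *
     * <p>The submitted "uname" and "password" parameters are wrapped in a {@code User} and
     * handed to {@code LoginDAO.login}, which returns the user with its "valid" flag and
     * failure count set.
     *
     * <ul>
     *   <li>Valid login: any pre-login session is discarded, a fresh session is created, the
     *       user is stored under "currentSessionUser", and the browser is redirected to
     *       admin.jsp (admins) or home.jsp (everyone else).</li>
     *   <li>Invalid login: the browser is redirected to index.jsp with a {@code fails}
     *       query parameter carrying the failure count, which index.jsp uses to pick the
     *       error message.</li>
     *   <li>Unexpected failure: the exception is written to the servlet log and a 500 is
     *       returned if the response has not been committed yet.</li>
     * </ul>
     *
     * @param request  the login form submission
     * @param response used for the redirect or the error status
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if sending the error status fails
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        try {
            // Either parameter is null when the field is missing from the request.
            User userAttempt = new User(request.getParameter("uname"), request.getParameter("password"));
            // LoginDAO sets "valid" and the consecutive-failure count on the returned User.
            userAttempt = LoginDAO.login(userAttempt);

            if (!userAttempt.isValid()) {
                // Bad credentials (or, per the original author's note, a locked account).
                response.sendRedirect("index.jsp?fails=" + userAttempt.getFails());
                return;
            }

            // Collapse doubled single quotes back to one. String.replace is used because the
            // pattern is a literal, not a regex.
            // NOTE(review): this looks like it undoes manual quote-doubling done for SQL;
            // confirm LoginDAO binds the username/password through PreparedStatement
            // parameters rather than relying on escaping.
            userAttempt.setUsername(userAttempt.getUsername().replace("''", "'"));

            // Session-fixation defence: never promote a session id that existed before
            // authentication. Drop the old session and let the container issue a new id.
            HttpSession preLogin = request.getSession(false);
            if (preLogin != null) {
                preLogin.invalidate();
            }
            HttpSession session = request.getSession(true);

            // NOTE(review): userAttempt was constructed with the submitted password. If User
            // keeps that field, the plaintext password stays in the session for its whole
            // lifetime (and in any session persistence/replication) - confirm and clear it.
            session.setAttribute("currentSessionUser", userAttempt);

            response.sendRedirect(userAttempt.isAdmin() ? "admin.jsp" : "home.jsp");
        } catch (Exception exc) {
            // Previously every Throwable was printed to stdout and the client received an
            // empty 200, hiding login-path failures from both operators and users. Log to
            // the servlet log instead and fail visibly; JVM Errors now propagate to the
            // container.
            log("Login request failed", exc);
            if (!response.isCommitted()) {
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
        }
    }

}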
